Sandboxing Browsers & E-mail Applications Properly

Since most infections from malware come through browsers such as Chrome, Firefox, Internet Explorer, Safari, etc. and e-mail clients such as Outlook, Outlook Express, Thunderbird, Windows Mail, Windows Live Mail, etc., it makes perfect sense to me to have these run in the sandbox.

What would be the best way to add these to the sandbox to keep malware from them infecting a computer but so they are still able to operate correctly?

For example, Mozilla Firefox running on Windows 7 64-bit. I know you open CIS, go to Defense+, click RUN A PROGRAM IN THE SANDBOX, click BROWSE, and go to…

C:\Program Files (x86)\Mozilla Firefox\firefox.exe


If you are using a LUA/SUA i would use Partially limited. If not, you might try limited but you might get some troubles, for example you will not be able to copy/paste.

The Manual Sandbox is one way to protect from exploits with stolen digital signatures. From what i have seen Comodo checks first the whitelist, and if not in there then the blacklist.

If you want something to always run in the sandbox, you can go to Defense+ → Computer Security Policy and add the program to the Always Sandbox list.

I added firefox.exe and thunderbird.exe using your steps as limited. I’ll see how it goes.

Firefox is running like ■■■■ on LIMITED :frowning:

EDIT: The same with PARTIALLY LIMITED as well. Looks like sandboxing won’t work in regards to performance.

I use Opera and it runs very well in partially limited, even in limited.
From what i remember FF does not run well in limited, but my family uses FF in partially limited without a problem.

I think you will have to wait for V.6 of CIS. It will improve a lot the process of virtualizattion.

Or use Opera browser test builds for your email and surfing. The ultimate security by obscurity… 8)

This FAQ may help: Sandboxing browsers.

But I agree, the facilitites in v6 may be better (rumour not promise). :slight_smile: